lordievader | Good morning. | 06:55 |
---|---|---|
elfy | morning lordievader | 07:23 |
lordievader | Hey elfy, how are you? | 07:24 |
elfy | mostly good thanks :) | 07:25 |
elfy | ask me in 20 minutes when I'll know if I get my day off or have to go in :p | 07:26 |
lordievader | Mostly good, hehe. Why only mostly? Missing your morning coffee? | 07:26 |
elfy | :) | 07:27 |
elfy | fully good now lordievader :p | 07:38 |
elfy | hi PaulW2U | 07:38 |
lordievader | Hehe | 07:39 |
PaulW2U | hi elfy, latest xubuntu is looking good | 07:39 |
elfy | even pink? :) | 07:40 |
PaulW2U | well.....it was a surprise. i might get to like it :) | 07:40 |
elfy | :) | 07:40 |
lordievader | Pink? I Xubuntu pink these days? | 07:41 |
elfy | lordievader: custom highlights to surprise one of the team | 07:41 |
BluesKaj | Hiyas all | 09:54 |
vitimiti | Has it happened to anybody else that the perl module of hexchat is lost in Ubuntu Utopic? | 10:15 |
vitimiti | hi, btw | 10:16 |
elfy | hi BluesKaj | 10:20 |
elfy | vitimiti: I think I saw someone else mention it | 10:20 |
BluesKaj | hi elfy | 10:20 |
vitimiti | elfy, I have this problem that I have more than a thousand lines of script in perl and the perl module is not loaded | 10:21 |
elfy | report it then | 10:21 |
vitimiti | elfy, alright | 10:21 |
BluesKaj | still waiting for the correct bash shell patch | 10:21 |
elfy | vitimiti: check it's not been reported first | 10:22 |
vitimiti | elfy, yeah, I'm on it | 10:22 |
elfy | BluesKaj: there was another in -proposed today :) | 10:22 |
BluesKaj | if it's in main, it tries to take out my desktop | 10:23 |
BluesKaj | do you have the exact sources.list deb url elfy, I would appreciate it if you posted it | 10:26 |
BluesKaj | bash (4.3-9ubuntu3) utopic installed, but check still shows vulnerable...guess it's going to be a while this bash vulnerability is straightened out | 11:13 |
BluesKaj | until | 11:14 |
k1l_ | well, was the 2nd patch already pushed to utopic? | 11:15 |
elfy | BluesKaj: sorry - didn't see your ping till it was too late | 11:15 |
BluesKaj | k1l_, dunno, how many patches are there? | 11:17 |
k1l_ | 2, so far. one quick fix and one from last night | 11:19 |
k1l_ | http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7169.html | 11:20 |
ubottu | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apac... (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169) | 11:20 |
k1l_ | well, 4.3-9ubuntu3 should be the fix | 11:21 |
BluesKaj | ran this check and it shows I'm still vulnerable, unless the command isn't correct, env check='Not vulnerable' x='() { :;}; check=Vulnerable' bash -c 'echo $check' | 11:22 |
k1l_ | for 14.04 this check gives me: not vulv | 11:22 |
k1l_ | *vulnerable | 11:22 |
BluesKaj | well 14,10 here | 11:23 |
BluesKaj | so it.s the wrong patch for 14.10 | 11:23 |
k1l_ | well yes. but the bash patches were made in one task. so something on 14.10 seems to not work like intended | 11:24 |
TJ- | This is the patch: http://launchpadlibrarian.net/185797566/bash_4.3-9ubuntu2_4.3-9ubuntu3.diff.gz | 11:30 |
BluesKaj | TJ-, yes, that's what's installed but the vulnerability check for Kubuntu 14.10 still show vulnerable here | 11:41 |
TJ- | BluesKaj: Interesting; I've seen someone else report on 1 out of 100 servers patched, the vulnerability test still comes back positive after a complete reboot, too | 11:42 |
BluesKaj | anyway i guess the priority is for 14.04 and official releases | 11:43 |
BluesKaj | i don't see any firmware updates available for my TP-Link TL-WDR3600 Router...that's probly more important anyway | 11:45 |
TJ- | BluesKaj: Have you done a system reboot to check it? | 11:45 |
BluesKaj | TJ-, yes, there was a kernel upgrade as well | 11:46 |
TJ- | BluesKaj: So, not caused by in-memory instances | 11:46 |
BluesKaj | TJ-, whatever that means :) | 11:50 |
TJ- | BluesKaj: A package update only changes the files on the storage medium - any instances of a process running and in memory remain using the original code. That's why services have to be restarted after an upgrade | 11:51 |
TJ- | BluesKaj: So existing bash shells wouldn't be fixed by simply installing the fixed package - the shells would need to be exited an re-opened to use the fixed code | 11:52 |
=== kbroulik is now known as kbroulik-lunch | ||
lordievader | BluesKaj: Did you open a new bash instance to test the vunerablity? | 11:58 |
TJ- | lordievader: The PC was rebooted | 12:01 |
lordievader | Ah, never mind. | 12:02 |
xubuntu85w | Does anyone know if there is a bug in beta that prevents the use of encrypted installation? I can't unencrypt the disk on startup! | 12:08 |
xubuntu85w | happend with beta1/2 | 12:09 |
TJ- | xubuntu85w: Is the keyboard translation using some none ASCII characters, or no-US keyboard - it could be a simple key-code translation issue | 12:10 |
xubuntu85w | Password was "test" so I don't think so. | 12:11 |
TJ- | xubuntu85w: :) | 12:13 |
xubuntu85w | It works fine with 14.04.1 but not with 14.10. What could have changed? | 12:14 |
TJ- | xubuntu85w: You're using full disk encryption? | 12:15 |
xubuntu85w | Yes and also encrypted home folder. | 12:17 |
xubuntu85w | After Installation cryptsetup fails to accept the password!? | 12:18 |
TJ- | xubuntu85w: So you get a Plymouth splash screen prompting for the password? If instead of using that, you drop to the busybox shell and manually unlock the device, does it succeed? | 12:18 |
xubuntu85w | I didn't try that yet. | 12:20 |
xubuntu85w | How to do it manually? | 12:21 |
TJ- | xubuntu85w: cryptsetup luksOpen /dev/sdXY <device-mapper-name> | 12:24 |
BluesKaj | lordievader, sorry was away trying to fix the wireless KB for the desktop pc. yes I opened terminal and ran the vulnerability check after rebooting | 12:32 |
xubuntu85w | TJ I think it worked but what does it mean? | 12:36 |
TJ- | xubuntu85w: If it worked, you'll have "/dev/mapper/<device-mapper-name>" ... and the system should be able to continue booting. So, that would indicate that plymouth isn't communicating with cryptsetup correctly | 12:38 |
xubuntu85w | Yes "dev/mapper/..." is there. | 12:41 |
xubuntu85w | Can anyone else confirm this with a quick VM installation? | 12:43 |
=== kbroulik-lunch is now known as kbroulik | ||
TJ- | xubuntu85w: Confirmed | 13:18 |
TJ- | xubuntu85w: Tapping Caps Lock a couple of times solved it for me | 13:19 |
xubuntu85w | Thanks for the feedback! How to report it? | 13:21 |
TJ- | xubuntu85w: I'm checking whether it is a bug, or simply the system somehow having the shift key toggle locked on | 13:23 |
TJ- | xubuntu85w: Looks like a Plymouth issue - using "debug --debug --verbose" instead of "quiet splash" I get the text console and prompt, and that worked fine | 13:26 |
xubuntu85w | I tried holding Shift while typing the password, but that failed also. | 13:26 |
TJ- | xubuntu85w: I toggled Caps Lock a couple times, then it worked fine | 13:26 |
xubuntu85w | Okay, but I hope that it's easy to fix for the final release. | 13:28 |
TJ- | Ouch! the initrd's conf/conf.d/cryptroot looks bad! | 13:29 |
xubuntu85w | That sounds like bad news although I don't know what it means. | 13:30 |
TJ- | Ahhh, maybe OK. The initrd's cryptroot usually only has an entry for the root file-system in it, but here it has one for the swap partition too. | 13:32 |
xubuntu85w | In 14.04 swap didn't work with encrypted disk. | 13:35 |
TJ- | xubuntu85w: It did on my systems | 13:36 |
BluesKaj | TJ-, we just had a problem art kubuyntu where an encrypted swap was mucking up the plasma desktop and kde in general | 13:37 |
BluesKaj | art=at | 13:38 |
BluesKaj | er #kubuntu :) | 13:38 |
xubuntu85w | I had no swap after encrypted installation so I used file swap. | 13:39 |
BluesKaj | yeah I used file swap for a while tp preserve my partition table from logical partitioning | 13:40 |
TJ- | BluesKaj: That one looks like the problem started *after* the user tried to remove and then re-configure encrypted swap. My bet would be, they didn't correctly reconfigure the swap, its not working, and therefore the system is running out of RAM | 13:40 |
xubuntu85w | http://ubuntuforums.org/showthread.php?t=2224129 | 13:43 |
BluesKaj | I would like to try LVM, but it's unfamiliar territory and reluctant to take the plunge | 13:44 |
TJ- | BluesKaj: It's a lot of fun.... like a breath of fresh air compared to hard partitioning | 13:44 |
BluesKaj | TJ-, no doubt, how does one manage a dual boot setup etc | 13:45 |
TJ- | BluesKaj: Well, lets say currently there's a partition of 60G for Linux, that can be assigned as an LVM Physical Volume (PV) instead, which is assigned to a Volume Group (VG). In that VG we can create as many Logical Volumes (LV) as we want, of any size, and keep some space (called 'extents') unallocated (FREE) for use later. File-systems are created inside LVs. | 13:49 |
TJ- | BluesKaj: LVM won't affect Windows or dual-boot - GRUB still does all the same things, but it 'knows' how to read LVM volumes too | 13:49 |
BluesKaj | son the LVs are dynamic within the VG and the VG is a fixed size ? | 13:58 |
BluesKaj | son=so | 13:58 |
BluesKaj | TJ-,^ | 13:59 |
TJ- | BluesKaj: The LVs are fixed size... they can be whole disks or partitions. Many PVs can be assigned to a single VG. LVs within VGs can be any size that fits within the total extents (usually 4MB each) of the VG | 14:00 |
TJ- | BluesKaj: LVs can be RAIDed across multiple PVs of the VG for resilience; snapshots of LVs can be taken for online backup, 'restore points' and so forth | 14:01 |
BluesKaj | ok , I think i get the picture now | 14:02 |
TJ- | BluesKaj: I appreciate it only needing a couple of commands to resize a file-system as needed: "lvresize + resize2fs" for example, to do an online resize of an EXT file-system | 14:04 |
lordievader | That is nice ain't it :D | 14:04 |
lordievader | Hmm, I'm out of space... there I have space again :) | 14:04 |
BluesKaj | yeah , instead having to muck about with gparted etc | 14:05 |
BluesKaj | err instead of | 14:05 |
BluesKaj | i better find my glasses ..my old eyes are giving me a difficult time today | 14:06 |
TJ- | BluesKaj: Add monitors :) | 14:11 |
TJ- | BluesKaj: My biggest use of LVs is for transient virtual machine guest images for testing; for chroot's for testing and building packages, and so on. | 14:12 |
BluesKaj | TJ-, sometimes I use the TV as a monitor with the desktop media server pc when on IRC, but i'm using this laptop mostly these days and quite frankly the keyboard seems offset compared to the desktop types and it throws me off | 14:15 |
TJ- | BluesKaj: I know the feeling - I've got 2 Apple Wireless bluetooth keyboards (the nice big 100 key versions), and the travel on the keys versus the laptop travel causes me lots of terrible typos | 14:17 |
BluesKaj | TJ-, nice KBs tho :) | 14:18 |
TJ- | BluesKaj: Yeah, about the only Apple device I'll touch though :) | 14:19 |
TJ- | I've got a bank of 6 monitors here so I have both keyboards connected and I can use them in front of particular monitors, rather than moving the keyboard about | 14:20 |
BluesKaj | some kind of work station ? | 14:20 |
TJ- | Laptop | 14:21 |
BluesKaj | with 6 monitors ...that's quite a setup | 14:22 |
TJ- | Dell XPS 1530 -> ExpressCard/34 -> ViDock 4 -> Nvidia Quadro NVS420 - adds 2 GPUs and 4 heads to the laptop's internal 2 heads (LVDS + HDMI) | 14:23 |
TJ- | Each head drives a 1920x1200 LCD, 3 in portrait mode, 3 landscape, configured across 4 X screens | 14:26 |
ceed^ | I updated from 14.04 to 14.10 without problems. But I have a bunch gpg key not available error messages from apt with I run an update. I have tried to add the keys but the messages are still there. Any idea what may be the problem? | 15:12 |
TJ- | ceed^: find out which keys are missing, and check the key-server and package containing keys - one or more for 14.10 is possibly not installed/updated correctly | 15:21 |
ceed^ | TJ-: So there's no way to have it check and download the missing keys? There's so many it's going to take a lot of time. | 15:24 |
TJ- | ceed^: I suspect checking on one you may be able to identify the package containing it, (re)install that package, and fix many of the others too | 15:25 |
ceed^ | Sorry, I'm not very good with this. How do I find out which package has missing keys? | 15:27 |
ceed^ | These are all the error messages: http://hastebin.com/ilawenukes.mel | 15:28 |
TJ- | ceed^: look carefully - the main missing key is 40976EAF437D05B5 | 15:30 |
k1l | sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 40976EAF437D05B5 | 15:32 |
TJ- | k1l: No! we're trying to figure out which package should have been installed that carries that key | 15:33 |
k1l | hmm, ok | 15:33 |
TJ- | ceed^: You can see which key that is using the Ubuntu key-server, with http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x40976EAF437D05B5&fingerprint=on | 15:33 |
TJ- | ceed^: The key's name is "Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>" which makes sense because it is for signing packages, so we need to figure out which package the system is missing, that contains that key | 15:34 |
k1l | !info launchpad-getkeys | 15:34 |
ubottu | Package launchpad-getkeys does not exist in utopic | 15:34 |
TJ- | The package should be "ubuntu-keyring" | 15:35 |
k1l | yes | 15:36 |
TJ- | ceed^: Try this, you should get the same result as me: "grep 'Ubuntu Archive Automatic Signing Key' /usr/share/keyrings/*" => "Binary file /usr/share/keyrings/ubuntu-archive-keyring.gpg matches" | 15:36 |
ceed^ | bash: grep 'Ubuntu Archive Automatic Signing Key' /usr/share/keyrings/*: No such file or directory | 15:39 |
TJ- | ceed^: The postinst script should copy " /usr/share/keyrings/ubuntu-archive-keyring.gpg" to "/var/lib/apt/keyrings/" | 15:39 |
TJ- | ceed^: Ouch! something went seriously wrong with the upgrade | 15:40 |
ceed^ | TJ-: It did? Everything works fine except for those gpg errors I get | 15:41 |
TJ- | ceed^: If ubuntu-keyrings was removed, and not replaced, that's a pretty big error | 15:41 |
TJ- | ceed^: You need to manually download the .deb file, install it manually, and then it ought to work | 15:41 |
ceed^ | The ubuntu-keyrings deb? | 15:42 |
TJ- | ceed^: The version in Utopic is: http://packages.ubuntu.com/utopic/ubuntu-keyring | 15:42 |
TJ- | ceed^: You can download it with the link provided there: "wget http://archive.ubuntu.com/ubuntu/pool/main/u/ubuntu-keyring/ubuntu-keyring_2012.05.19_all.deb" | 15:43 |
ceed^ | When I try to install it it says: Error: no longer provides ubuntu-keyring | 15:43 |
TJ- | ceed^: Then install it with "sudo dpkg -i ubuntu-keyring_2012.05.19_all.deb" | 15:43 |
TJ- | Huh? | 15:44 |
ceed^ | I used gdebi tro try to install it | 15:44 |
ceed^ | I'll try from command line | 15:44 |
ceed^ | dpkg: error processing package ubuntu-keyring (--install): | 15:46 |
ceed^ | subprocess installed post-installation script returned error exit status 2 | 15:46 |
ceed^ | Errors were encountered while processing: | 15:46 |
ceed^ | ubuntu-keyring | 15:46 |
TJ- | ceed^: Has the system run out of space on the root file-system ("df -h") ? | 15:47 |
ceed^ | TJ-: Nope, plenty of space on all partitions | 15:48 |
TJ- | ceed^: run that script manually, let's see what is going on: "sudo sh -x /var/lib/dpkg/info/ubuntu-keyring.postinst" | 15:49 |
ceed^ | Here's the full output when I try to install: http://hastebin.com/ibihawuxuy.hs | 15:49 |
TJ- | ceed^: The error is right there "resource limit" | 15:50 |
ceed^ | Not sure what that means, sorry :) | 15:50 |
ceed^ | When I run the script I get: http://hastebin.com/utapigudil.hs | 15:52 |
TJ- | ceed^: I dealt with this same bug back in March, here's the appropriate report bug 1263540 | 15:53 |
ubottu | bug 1263540 in apt (Ubuntu) "Apt-get reports NO_PUBKEY gpg error for keys that are present in trusted.gpg." [Undecided,Confirmed] https://launchpad.net/bugs/1263540 | 15:53 |
TJ- | ceed^: Check in particular comment #7 | 15:54 |
ceed^ | Will do, thanks! | 15:54 |
TJ- | ceed^: In summary, you've added so many PPAs and other non-core repositories that GPG, the key-tool, cannot load all the trust files | 15:57 |
ceed^ | Ah ok | 16:16 |
ceed^ | So if I remove some of the ppa's I would be fine? | 16:17 |
TJ- | ceed^: Yes, or any empty .gpg files in "/etc/apt/trusted.gpg.d/" | 16:21 |
ceed^ | I will have a look | 16:22 |
TJ- | ceed^: I do wonder if those files can be simply combined with 'cat' to make one file, but I don't feel like testing that idea right now :) | 16:22 |
ceed^ | Ok! :) Lots of old gunk in /etc/apt/trusted.gpg.d/ Cleaning house now. | 16:29 |
ceed^ | TJ-: That was all I had to do: Clean out old and empty gpg keys. apt-get update runs clean now. Thank you so much! | 16:33 |
TJ- | ceed^: You're welcome - I had totally forgotten working on that same bug, until I was searching for the same thing :) | 16:33 |
ceed^ | TJ-: I think I have been removing repos and the keys have been left behind for a long time. Good to know there's a gotcha there if you do not keep it relatively clean :) | 16:35 |
vitimiti | hi | 22:41 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!